You are here
Hannaford Bros. said that unauthorized software or "malware" that was secretly installed on all of its store servers resulted in the data breach involving as many as 4.2 million customer credit and debit cards, according to a published report.
The company sad it doesn't know yet how the software got on its servers. "Virtually everything is possible," spokeswoman Carol Eleazer told the Associated Press. "There are still many, many aspects that we don't totally understand."
Eleazer said that the cause of the beach wasn't revealed earlier "because of the confidential nature of the investigation." The U.S. Secret Service is still investigating the matter.
About 1,800 cases of fraud are said to be related the breach, with unauthorized charges reported as far away as Mexico, Italy, and Bulgaria.
The breach seems to be the first massive theft of credit and debit card numbers while the information was in transit. According to Hannaford, the breach, which took place between Dec. 7 and March 10, enabled credit and debit card numbers to be stolen as shoppers swiped their cards at checkout and the data was sent to banks for approval.
Maine assistant attorney general Linda Conti told the Associated Press that the breach started as a single message sent to a single location that was then sent to multiple locations.
Despite the filing of several class actions in connection with the breach, Hannaford was found to be in compliance with the security standards required by the Payment Card Industry, a coalition of credit card companies.